And "deluge" is the right word. According to a study by Janrain and Harris Interactive, about 58 percent of online adults have five or more unique passwords for logon and more than 30 percent have 10 or more passwords. And a study of password habits conducted by Microsoft found that the average user has 25 different web accounts but manages them with just 6.5 passwords.
"This causes a saturation point, especially when websites require regular changes to passwords," Ponemon says. "It also triggers fallout such as reluctance to sign up for new services requiring yet another username/password, or abandoning a web transaction after repeated failed logon attempts."
This has led many users either to choose an easily remembered, weak password or to reuse the same password for multiple accounts, Ponemon says. This is backed up by a technical analysis of password data breaches conducted by researchers in the security group of the University of Cambridge Computer Laboratory. The researchers studied data breaches of both Gawker and Rootkit.com and determined that among the users who were members of both sites, 76 percent used the same password on both.
"This study shows the challenge presented by our continued dependence on the troubled password," says Dunkelberger. "Not only are breaches increasing because of password re-use across different web services, but this failure and insecurity is reducing consumer confidence when doing business online. It's time we evolved our thinking about how businesses authenticate their customers."
Consumers Want Strong Authentication, Even Biometrics
While consumers are feeling password fatigue, they also appear to be savvy enough to understand that strong authentication is important. Ponemon found strong acceptance for the idea of using a multi-purpose strong identity credential: 51 percent of respondents in the U.S., 45 percent of respondents in the U.K. and 62 percent of respondents in Germany were in favor.
Additionally, these consumers named identification and authentication when traveling, accessing the Internet and using social networks as the most popular reasons for having a single ID.
Consumers are increasingly open to the idea of using biometrics for authentication.
"Most respondents are comfortable with using biometrics, and believe it is acceptable for a trusted organization such as their bank, credit card companies, health care provider, telecom, email provider or governmental organization to use factors such as voice or fingerprints to verify their identity," Ponemon said.
Only 31 percent of U.S. respondents, 30 percent of U.K. respondents and 26 percent of German respondents indicated they were not comfortable with biometrics. In fact, German respondents on the whole favor biometrics for managing multi-purpose identity credentials. Respondents from the U.S. would prefer to use their mobile devices for identification purposes and respondents from the U.K. favor the use of RFID chips.